CVE-2021-46878
https://notcve.org/view.php?id=CVE-2021-46878
An issue was discovered in Treasure Data Fluent Bit 1.7.1. Erroneous parsing in flb_pack_msgpack_to_json_format leads to a type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. An attacker can craft a file and trick the victim into opening it with the affected software, triggering the use-after-free and executing arbitrary code on the target system. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27742 https://github.com/fluent/fluent-bit/pull/3115 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2021-46879
https://notcve.org/view.php?id=CVE-2021-46879
An issue was discovered in Treasure Data Fluent Bit 1.7.1. A wrong variable is used to get the msgpack data, resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and trick the victim into opening it with the software, triggering a heap overflow and executing arbitrary code on the target system. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26851 https://github.com/fluent/fluent-bit/pull/3100 • CWE-787: Out-of-bounds Write •
CVE-2021-36088
https://notcve.org/view.php?id=CVE-2021-36088
Fluent Bit (aka fluent-bit) 1.7.0 through 1.7.4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do). • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33750 https://github.com/fluent/fluent-bit/commit/22346a74c07ceb90296be872be2d53eb92252a54 https://github.com/fluent/fluent-bit/pull/3453 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/fluent-bit/OSV-2021-702.yaml • CWE-415: Double Free •
CVE-2021-27186
https://notcve.org/view.php?id=CVE-2021-27186
Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c. • https://github.com/fluent/fluent-bit/issues/3044 https://github.com/fluent/fluent-bit/pull/3045 https://github.com/fluent/fluent-bit/pull/3047 • CWE-476: NULL Pointer Dereference •
CVE-2020-35963
https://notcve.org/view.php?id=CVE-2020-35963
flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27261 https://fluentbit.io/announcements/v1.6.4 https://github.com/fluent/fluent-bit/commit/cadff53c093210404aed01c4cf586adb8caa07af • CWE-787: Out-of-bounds Write •